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LISTING OF THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

I- 8. (Cancelled) 

II- 27. (Cancelled) 

28. (New) A method of automatically obtaining a second certificate for a user using a first 
certificate, comprising: 

accessing a registration server using a user's server and the first certificate of the user to 
create a connection that authenticates both the user's server identity via a server certificate of the 
user server and the user's identity via the user's first certificate; 

creating a secure data channel between the registration server and the user server; 

forwarding a request for the second certificate from the user server to the registration 

server; 

determining in the registration server that the user is entitled to the second certificate; 
forwarding a request fi*om the registration server to an authority to generate a 
private/public key pair; 

sending the private key to the user fi-om the authority via the secure data channel; 
sending the public key from the authority to another authority to be signed; and 
forwarding the second certificate fi-om the another authority to a directory. 
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29. (New) The method of claim 28, further comprising sending a backup copy of the private 
key from the authority to a key recovery authority. 

30. (New) The method of claim 28, wherein the first certificate comprises a signature 
certificate. 

31. (New) The method of claim 28, wherein the second certificate comprises an encryption 
certificate. 

32. (New) The method of claim 28, wherein the first certificate comprises an expiring signature 
certificate and the second certificate comprises a replacement signature certificate. 

33. (New) The method of claim 28, wherein the first certificate comprises a signature certificate 
and the second certificate comprises a replacement encryption certificate. 

34. (New) The method of claim 28, wherein the first certificate comprises a signature certificate 
and the second certificate comprises one of either the user's current encryption certificate or an 
expired encryption certificate of the user. 

35. (New) A method of automatically obtaining a second certificate for a user using a first 
certificate, the method comprising: 
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accessing a server platform using a user's server and the first certificate of the user to 
create a connection that authenticates both the user's server identity via a server certificate of the 
user server and the user's identity via the user's first certificate; 

creating a secure data channel between the server platform and the user server; 

forwarding a request for the second certificate fi-om the user server to the server platform; 

and 

generating at the server platform the second certificate. 

36. (New) The method of claim 35, wherein the first certificate comprises a signature 
certificate. 

37. (New) The method of claim 35, wherein the second certificate comprises an encryption 
certificate. 

38. (New) The method of claim 35, wherein the first certificate comprises an expiring signature 
certificate and the second certificate comprises a replacement signature certificate. 

39. (New) The method of claim 35, wherein the first certificate comprises a signature certificate 
and the second certificate comprises a replacement encryption certificate. 



Serial No. 09/704,417 



Docket No. NG(MS)7188 



40. (New) The method of claim 35, wherein the first certificate comprises a signature certificate 
and the second certificate comprises one of either the user's current encryption certificate or an 
expired encryption certificate of the user. 

41. (New) An apparatus for automatically obtaining a second certificate for a user using a first 
certificate, the apparatus comprising: 

a user server and a registration server, the user server accessing the registration server 
using the first certificate of the user to create a connection that authenticates both the user's 
server identity via a server certificate of the user server and the user's identity via the user's first 
certificate; 

a secure data channel, the secure data channel being disposed between the registration 
server and the user server, the user server forwarding a request for the second certificate to the 
registration server through the secure data channel; 

a first authority, the registration server determining that the user is entitled to the second 
certificate and forwarding a request to the first authority to generate a private/public key pair, the 
first authority sending the private key to the user via the secure data channel; 

a second authority, the first authority sending the public key to the second authority to be 
signed; and 

a directory, the second authority forwarding the second certificate to the directory. 
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42. (New) The apparatus of claim 41, wherein the first certificate comprises a signature 
certificate. 

43. (New) The apparatus of claim 41, wherein the second certificate comprises an encryption 
certificate. 

44. (New) The apparatus of claim 41, wherein the first certificate comprises an expiring 
signature certificate and the second certificate comprises a replacement signature certificate. 

45. (New) The apparatus of claim 41, wherein the first certificate comprises a signature 
certificate and the second certificate comprises a replacement encryption certificate. 

46. (New) The apparatus of claim 41, wherein the first certificate comprises a signature 
certificate and the second certificate comprises one of the user's current encryption certificate 
and an expired encryption certificate of the user. 

47. (New) An apparatus for automatically obtaining a second certificate for a user using a first 

certificate, the apparatus comprising: 

a user server and a server platform, the user server accessing the server platfonn using th( 
first certificate of the user to create a connection that authenticates both the user's server identity 

via a server certificate of the user server and the user's identity via the user's first certificate; 
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a secure data channel, the secure data channel being disposed between the server platform 
and the user server; 

the user server forwarding a request for the second certificate to the server platform; and 
the server platform generating the second certificate. 

48. (New) The apparatus of claim 47, wherein the first certificate comprises a signature 
certificate 

49. (New) The apparatus of claim 47, wherein the second certificate comprises an encryption 
certificate. 

50. (New) The apparatus of claim 47, wherein the first certificate comprises an expiring 
signature certificate and the second certificate comprises a replacement signature certificate. 

51. (New) The apparatus of claim 47, wherein the first certificate comprises a signature 
certificate and the second certificate comprises a replacement encryption certificate. 

52. (New) The apparatus of claim 47, wherein the first certificate comprises a signature 
certificate and the second certificate comprises one of either the user's current encryption 
certificate or an expired encryption certificate of the user. 



